Email security: the cloud or the network?

No matter whether a business is 10 or 10,000 people strong, standalone anti-virus software is no longer enough to stand up to the onslaught of spam or the complex array of email security threats battering businesses. However, one of the key decisions for IT managers in any size of business is whether to opt for on-site email security software implemented on a company’s own network, or a hosted solution providing email protection at the internet level.

Some businesses might also find a layered solution combining both these elements is the best fit for their requirements. With recent IDC research finding that 69% of companies see software and hosted services as complementary, a layered solution for email security is gaining popularity. Many businesses recognise the advantage of having a hosted solution to filter out the majority of junk email at internet level, while wanting to keep more granular control of emails actually entering the corporate network. Every business is different.

With a hosted service, email protection is provided away from the customer network, thus keeping threats away from the network without any loss of control for the administrator. In essence, a hosted service offers businesses security checks similar to those carried out at airports allowing only legitimate and safe emails to enter a customer’s network.

Yet, how does an IT manager evaluate whether opting for a hosted service is the best option for their business model?

While predictability, capacity planning and IT resources are key deciding factors for hosted services, the need to have direct and granular control over sensitive data will heavily influence a choice of on-network software. Here are a few of the considerations for IT managers to weigh up when making a decision:

Cost and complexity

Using a hosted service reduces the cost and complexity of managing and maintaining in-house email security systems, as there are no hardware, software, maintenance or upgrade costs. With email security managed outside the corporate network, a business does not have to worry about tuning in-house security to keep up with rapidly changing techniques that spammers employ to evade detection.

Internal IT resources

Consider how these are best allocated. By using a hosted service, businesses can tap into the security expertise of their provider without the need to employ security experts directly. Instead, minimal in-house time is required to manage the service on a more strategic level.

Any hosted service worth its salt should provide SLAs to guarantee quality and consistency of service.

Network capacity and scalability

For the large enterprise with massive bandwidth and built-in server contingency, adjusting to daily fluctuations in email volume may not pose a problem. A smaller business with more limited bandwidth and hardware resource will find a hosted service offers reduced demands on network capacity, storage and ISP expenses as it blocks unwanted email before it even reaches the network. Essentially, a hosted service is infinitely scalable to business size and across multiple locations, with no unexpected capital costs incurred for new hardware equipment.

Email content inspection

The more levels of content inspection put in place for emails, the more thorough and granular protection is. In evaluating between hosted and on-network email security, IT managers need to consider the level of direct management control they want over the sensitive data in their company network.

Reporting and policy setting

With larger companies often obliged to report on email patterns for compliance reasons, the flexibility of on-network software offers more opportunity to tailor reports and set policies that map exactly into business requirements. Yet for many businesses, the standard reporting and policy management tools offered by hosted services are sufficient.

In choosing an email security solution, a cost-benefit analysis against the above factors will provide IT managers with an indication of what solution would be most suitable for their business. A general rule of thumb is that, where a business has few or stretched internal IT resources and several locations, and wants predictable capacity planning then IT managers should evaluate a hosted option. Where control of sensitive data is essential, on-network software or a layered option might be a better fit for requirements. All important is a solution that provides comprehensive email security against the latest threats and protects essential business information.